A recent Secunia study indicated that Apple had the most vulnerabilities of the major tech companies (Source: Secunia)

Apple's Safari browser happily will fill in your personal info to malicious web forms. This glaring flaw can lead to an unacceptable breach of privacy. (Source: Jeremiah Grossman)

"It just works." -- Apple slogan

Apple
is known for its tendency to deny problems with its popular gadgets,
making life miserable for customers when such problems occur.
While Apple's iPhone
4 antenna issues are currently stealing the show, there's
perhaps no better example overall than Apple's spotty
track record on security.

Security research firm
Secunia just released a list of vulnerabilities and Apple for the
first has come out on top as the most vulnerable. Secunia
warns, "[The] graph is not an indication of the individual
vendors’ security, as it is not possible to compare the vendors
based on number of vulnerabilities alone."

Apple's
supporters were quick to attack the report. AppleInsiderwrites:

Not
all vulnerabilities are equal: Secunia outlines five levels of
criticality ranging from minor "not critical" issues to
"extremely critical" problems that can result in remote
exploits without any interaction from the user, and for which active
exploits are already known to exist. Yet Secunia's vulnerability
report totals throw all these various types of flaws together into
sums that are frequently used for meaningless comparison purposes.

It's
ironic that almost simultaneous to the report another significant
security flaw in Safari aired. Safari -- Apple's browser
software -- has oft seen releases so
buggy to the point that they were unusable. Safari 5
certainly offered some improvements in that department, but it
apparently doesn't fair particularly better in the security
department than past
releases, including Safari 4 which had a flaw so
severe it prompted a Department Homeland Security warning.

While
the latest
Safari bug isn't as bad an exploit as some go, considering it's
not a route to installing malware, it can result in the theft of your
personal info. It all starts with one of Apple's features in
Safari -- autofill. Different from the standard browser's
autofill, which remembers users names and passwords for certain
sites, Safari has an even more ambitious autofill which maintains
info about a user in their address book card and offers up these
details when needed.

Unfortunately, Apple didn't appear to
realize that it was necessary to screen what it allows to access this
data. Security researchers revealed that a simple web form can
grab much of this data -- first name, last name, work place, city,
state, and email address -- no questions asked.

Such info
could be used in phishing schemes. It could also be used in
blackmail schemes if the users were visiting naughty websites.
Ultimately, it represents a gross threat to privacy that easily
surpasses Apple's recent loss
of iPad buyers' email addresses (a problem that was largely
carrier AT&T's fault). Apple was informed of the problem on
June 17, 2010, but since has done nothing.

The flaw was
discovered by Jeremiah Grossman, founder of WhiteHat
Security.

Security problems are hardly something new for Apple
though. The iPhone has increasingly been attacked.
One security researcher suggested its security was so poor that it
was "useless"
to businesses. Apple has made some improvements with each
release of its iPhone OS, but they didn't stop malicious
worms from cropping up in the iPhone 3GS generation.

Ultimately, though
what is really killing Apple is its slow patch time. Apple's
"there is no problem" mentality has made it the slowest
company at patching, according to recent surveys. It took
it a year to finally last year (June) patch a major
Java hole. Unfortunately, such performance is more the rule
than the exception to it.

"Well, we didn't have anyone in line that got shot waiting for our system." -- Nintendo of America Vice President Perrin Kaplan